
Enterprise Mac Security: Mac OS X Snow Leopard PDF

628 Pages·2010·26.149 MB·English

Preview Enterprise Mac Security: Mac OS X Snow Leopard

Enterprise Mac Security: Mac OS X Snow Leopard
Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Copyright © 2010 by Charles Edge, William Barker, Beau Hunter, and Gene Sullivan

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13 (pbk): 978-1-4302-2730-4
ISBN-13 (electronic): 978-1-4302-2731-1

Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

President and Publisher: Paul Manning
Lead Editor: Clay Andres
Developmental Editor: Michelle Lowman
Technical Reviewer: Graham Lee
Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Coordinating Editor: Kelly Moritz
Copy Editor: Tracy Brown Collins
Compositor: MacPS, LLC
Indexer: John Collin
Artist: April Milne
Cover Designer: Anna Ishchenko

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders- [email protected], or visit www.springeronline.com.

For information on translations, please e-mail [email protected], or visit www.apress.com.

Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/info/bulksales.

The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

To my wonderful wife Lisa and sweet little Emerald, with all of my love! – Charles Edge

To my family and friends, who incessantly inspire me to follow my passions, and to my Jill who demonstrates more patience with my creative pursuits than anyone should ever have to. – William Barker

To Dana, Maya, and Owen, who put up with a lot. – Gene Sullivan

Dedicated to my wife Monica who, despite completely losing me to the world of bits and bytes for the last six months yet again, has been a source of perpetual support. – Beau Hunter

Contents at a Glance

Contents at a Glance ... iv
Contents ... v
About the Authors ... xv
About the Technical Reviewer ... xvi
Acknowledgments ... xvii
Introduction ... xviii
Part I: The Big Picture ... 1
  Chapter 1: Security Quick-Start ... 3
  Chapter 2: Services, Daemons, and Processes ... 29
  Chapter 3: Securing User Accounts ... 49
  Chapter 4: File System Permissions ... 79
  Chapter 5: Reviewing Logs and Monitoring ... 113
Part II: Securing the Ecosystem ... 137
  Chapter 6: Application Signing and Sandbox ... 139
  Chapter 7: Securing Web Browsers and E-mail ... 183
  Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits ... 213
  Chapter 9: Encrypting Files and Volumes ... 233
Part III: Network Traffic ... 275
  Chapter 10: Securing Network Traffic ... 277
  Chapter 11: Setting Up the Mac OS X Firewall ... 299
  Chapter 12: Securing a Wireless Network ... 325
Part IV: Sharing ... 351
  Chapter 13: File Services ... 353
  Chapter 14: Web Site Security ... 377
  Chapter 15: Remote Connectivity ... 401
  Chapter 16: Server Security ... 423
Part V: Securing the Workplace ... 483
  Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools ... 485
  Chapter 18: Backup and Fault Tolerance ... 505
  Chapter 19: Forensics ... 537
Appendix A: Xsan Security ... 559
Appendix B: InfoSec Acceptable Use Policy ... 563
Appendix C: CDSA ... 571
Appendix D: Introduction to Cryptography ... 573
Index ... 577

Contents

Part I: The Big Picture ... 1

Chapter 1: Security Quick-Start ... 3
  Securing the Mac OS X Defaults ... 3
  Customizing System Preferences ... 4
  Accounts ... 4
  Login Options ... 6
  Passwords ... 7
  Administrators ... 8
  Security Preferences ... 9
  General ... 9
  FileVault ... 11
  Firewall ... 13
  Software Update ... 14
  Bluetooth Security ... 16
  Printer Security ... 18
  Sharing Services ... 20
  Securely Erasing Disks ... 21
  Using Secure Empty Trash ... 23
  Using Encrypted Disk Images ... 24
  Securing Your Keychains ... 25
  Best Practices ... 27

Chapter 2: Services, Daemons, and Processes ... 29
  Introduction to Services, Daemons, and Processes ... 29
  Viewing What’s Currently Running ... 31
  The Activity Monitor ... 31
  The ps Command ... 35
  The top Output ... 36
  Viewing Which Daemons Are Running ... 38
  Viewing Which Services Are Available ... 39
  Stopping Services, Daemons, and Processes ... 40
  Stopping Processes ... 41
  Stopping Daemons ... 43
  Types of launchd Services ... 44
  GUI Tools for Managing launchd ... 44
  Changing What Runs At Login ... 45
  Validating the Authenticity of Applications and Services ... 46
  Summary ... 47

Chapter 3: Securing User Accounts ... 49
  Introducing Identification, Authentication, and Authorization ... 49
  Managing User Accounts ... 50
  Introducing the Account Types ... 51
  Adding Users to Groups ... 53
  Enabling the Superuser Account ... 54
  Setting Up Parental Controls ... 56
  Managing the Rules Put in Place ... 62
  Advanced Settings in System Preferences ... 64
  Working with Local Directory Services ... 65
  Creating a Second Local Directory Node ... 68
  External Accounts ... 68
  Restricting Access with the Command Line: sudoers ... 69
  Securing Mount Points ... 74
  SUID Applications: Getting into the Nitty-Gritty ... 75
  Creating Files with Permissions ... 77
  Summary ... 78

Chapter 4: File System Permissions ... 79
  Mac OS File Permissions: A Brief History of Time ... 80
  POSIX Permissions ... 81
  Modes in Detail ... 82
  Inheritance ... 84
  The Sticky Bit ... 87
  The suid/sgid Bits ... 87
  POSIX in Practice ... 88
  Access Control Lists ... 91
  Access Control Entries ... 91
  Effective Permissions ... 94
  ACLs in Practice ... 95
  Administering Permissions ... 97
  Using the Finder to Manage Permissions ... 103
  Using chown and chmod to Manage Permissions ... 104
  The Hard Link Dilemma ... 107
  Using mtree to Audit File System Permissions ... 109
  Summary ... 111

Chapter 5: Reviewing Logs and Monitoring ... 113
  What Exactly Gets Logged? ... 113
  Using Console ... 115
  Viewing Logs ... 115
  Marking Logs ... 116
  Searching Logs ... 117
  Finding Logs ... 118
  Secure.log: Security Information 101 ... 119
  appfirewall.log ... 120
  Reviewing User-Specific Logs ... 121
  Reviewing Command-Line Logs ... 123
  Reviewing Library Logs ... 124
  Breaking Down Maintenance Logs ... 124
  daily.out ... 126
  Yasu ... 127
  Weekly.out ... 128
  Monthly.out ... 129
  What to Worry About ... 129
  Virtual Machine and Bootcamp Logs ... 130
  Event Viewer ... 130
  Task Manager ... 131
  Performance Alerts ... 132
  Review Regularly, Review Often ... 133
  Accountability ... 133
  Incident Response ... 134
  Summary ... 135

Part II: Securing the Ecosystem ... 137

Chapter 6: Application Signing and Sandbox ... 139
  Application Signing ... 139
  Application Authentication ... 141
  Application Integrity ... 143
  Signature Enforcement in OS X ... 144
  Signing and Verifying Applications ... 153
  Sandbox ... 156
  Sandbox Profiles ... 158
  The Anatomy of a Profile ... 161
  Sandbox Profiles in Action ... 166
  The Seatbelt Framework ... 178
  Summary ... 180

Chapter 7: Securing Web Browsers and E-mail ... 183
  A Quick Note About Passwords ... 184
  Securing Your Web Browser ... 185
  Securing Safari ... 185
  Securing Firefox ... 189
  Securely Configuring Mail ... 196
  Using SSL ... 196
  Securing Entourage ... 199
  Fighting Spam ... 202
  Anatomy of Spam ... 202
  Desktop Solutions for Securing E-mail ... 207
  Using PGP to Encrypt Mail Messages ... 207
  GPG Tools ... 207
  Using Mail Server-Based Solutions for Spam and Viruses ... 207
  Kerio ... 208
  Mac OS X Server’s Antispam Tools ... 210
  CommuniGate Pro ... 211
  Outsourcing Your Spam and Virus Filtering ... 212
  Summary ... 213

Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits ... 213
  Classifying Threats ... 213
  The Real Threat of Malware on the Mac ... 216
  Script Malware Attacks ... 217
  Socially Engineered Malware ... 218
  Using Antivirus Software ... 218
  Built Into Mac OS X ... 219
  Antivirus Software Woes ... 220
  McAfee VirusScan ... 220
  Norton AntiVirus ... 220
  ClamXav ... 221
  Sophos Anti-Virus ... 226
  Best Practices for Combating Malware ... 227
  Other Forms of Malware ... 228
  Adware ... 228
  Spyware ... 228
  Root Kits ... 230
  Summary ... 232

Chapter 9: Encrypting Files and Volumes ... 233
  Using the Keychain to Secure Sensitive Data ... 234
  The Login Keychain ... 234
  Creating Secure Notes and Passwords ... 237
  Managing Multiple Keychains ... 240
  Using Disk Images as Encrypted Data Stores ... 243
  Creating Encrypted Disk Images ... 245
  Interfacing with Disk Images from the Command Line ... 251
  Encrypting User Data Using FileVault ... 257
  Enabling FileVault for a User ... 260
  The FileVault Master Password ... 263
  Limitations of Sparse Images and Reclaiming Space ... 264
  Full Disk Encryption ... 266
  Check Point ... 267
  PGP Encryption ... 269
  TrueCrypt ... 270
  WinMagic SecureDoc ... 271
  Summary ... 272

Part III: Network Traffic ... 275

Chapter 10: Securing Network Traffic ... 277
  Understanding TCP/IP ... 277
  Types of
Networks..............................................................................................................................................280 (cid:2) Peer-to-Peer..................................................................................................................................................280 (cid:2) Considerations when Configuring Peer-to-Peer Networks............................................................................281 (cid:2) Client-Server Networks..................................................................................................................................282 (cid:2) Understanding Routing.......................................................................................................................................283 (cid:2) Packets..........................................................................................................................................................283 (cid:2) Port Management...............................................................................................................................................285 (cid:2) DMZ and Subnets................................................................................................................................................286 (cid:2) Spoofing..............................................................................................................................................................287 (cid:2) Stateful Packet Inspection..................................................................................................................................287 (cid:2) Data Packet Encryption.......................................................................................................................................288 (cid:2) Understanding Switches and Hubs.....................................................................................................................288 (cid:2) 
Managed Switches........................................................................................................................................289 (cid:2) Restricting Network Services.............................................................................................................................291 (cid:2) Security Through 802.1x.....................................................................................................................................292 (cid:2) Proxy Servers......................................................................................................................................................293 (cid:2) Squid..............................................................................................................................................................295 (cid:2) Summary............................................................................................................................................................297 ■Chapter 11: Setting Up the Mac OS X Firewall............................................299(cid:2) (cid:2) Introducing Network Services.............................................................................................................................300 (cid:2) Controlling Services............................................................................................................................................301 (cid:2) Configuring the Firewall......................................................................................................................................304 (cid:2) Working with the Firewall in Leopard and Snow Leopard.............................................................................304 (cid:2) Setting Advanced Features.................................................................................................................................307 (cid:2) Blocking Incoming 
Connections.....................................................................................................................307 (cid:2) Allowing Signed Software to Receive Incoming Connections........................................................................308 (cid:2) Going Stealthy................................................................................................................................................309 (cid:2) Testing the Firewall............................................................................................................................................310 (cid:2) Configuring the Application Layer Firewall from the Command Line.................................................................312 (cid:2) Using Mac OS X to Protect Other Computers......................................................................................................313 (cid:2) Enabling Internet Sharing..............................................................................................................................313 (cid:2) Working from the Command Line.......................................................................................................................315 (cid:2) Getting More Granular Firewall Control.........................................................................................................315 (cid:2) Using ipfw......................................................................................................................................................317 (cid:2) Using Dummynet............................................................................................................................................321 (cid:2) Summary............................................................................................................................................................324 ■Chapter 12: Securing a Wireless 
Network...................................................325(cid:2) (cid:2) Wireless Network Essentials..............................................................................................................................325 (cid:2) Introducing the Apple AirPort..............................................................................................................................327 (cid:2) Configuring Older AirPorts..................................................................................................................................328 (cid:2) AirPort Utility..................................................................................................................................................330 ix